Fetch all roles

roles/auditmanager.admin

@@ -6,6 +6,7 @@
     "auditmanager.auditReports.get",
     "auditmanager.auditReports.list",
     "auditmanager.auditScopeReports.generate",
+    "auditmanager.billingSettings.get",
     "auditmanager.controlReports.get",
     "auditmanager.controlReports.list",
     "auditmanager.controls.list",

roles/auditmanager.auditor

@@ -6,6 +6,7 @@
     "auditmanager.auditReports.get",
     "auditmanager.auditReports.list",
     "auditmanager.auditScopeReports.generate",
+    "auditmanager.billingSettings.get",
     "auditmanager.controlReports.get",
     "auditmanager.controlReports.list",
     "auditmanager.controls.list",

roles/backupdr.computeEngineOperator

@@ -22,17 +22,21 @@
     "compute.images.useReadOnly",
     "compute.instances.attachDisk",
     "compute.instances.create",
+    "compute.instances.createTagBinding",
     "compute.instances.delete",
     "compute.instances.detachDisk",
     "compute.instances.get",
     "compute.instances.list",
     "compute.instances.listEffectiveTags",
+    "compute.instances.pscInterfaceCreate",
+    "compute.instances.setDeletionProtection",
     "compute.instances.setLabels",
     "compute.instances.setMetadata",
     "compute.instances.setServiceAccount",
     "compute.instances.setTags",
     "compute.instances.start",
     "compute.instances.stop",
+    "compute.instances.updateDisplayDevice",
     "compute.instances.useReadOnly",
     "compute.machineTypes.get",
     "compute.machineTypes.list",
@@ -44,6 +48,7 @@
     "compute.regionOperations.get",
     "compute.regions.get",
     "compute.regions.list",
+    "compute.resourcePolicies.use",
     "compute.snapshots.create",
     "compute.snapshots.delete",
     "compute.snapshots.get",

roles/bigquerydatapolicy.admin

@@ -0,0 +1,16 @@
+{
+  "description": "Role for managing Data Policies in BigQuery",
+  "etag": "AA==",
+  "includedPermissions": [
+    "bigquery.dataPolicies.create",
+    "bigquery.dataPolicies.delete",
+    "bigquery.dataPolicies.get",
+    "bigquery.dataPolicies.getIamPolicy",
+    "bigquery.dataPolicies.list",
+    "bigquery.dataPolicies.setIamPolicy",
+    "bigquery.dataPolicies.update"
+  ],
+  "name": "roles/bigquerydatapolicy.admin",
+  "stage": "GA",
+  "title": "BigQuery Data Policy Admin"
+}

roles/bigquerydatapolicy.viewer

@@ -0,0 +1,11 @@
+{
+  "description": "Role for viewing Data Policies in BigQuery",
+  "etag": "AA==",
+  "includedPermissions": [
+    "bigquery.dataPolicies.get",
+    "bigquery.dataPolicies.list"
+  ],
+  "name": "roles/bigquerydatapolicy.viewer",
+  "stage": "GA",
+  "title": "BigQuery Data Policy Viewer"
+}

roles/blockchainvalidatormanager.admin

@@ -0,0 +1,22 @@
+{
+  "description": "Full access to Blockchain Validator Manager resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "blockchainvalidatormanager.blockchainValidatorConfigs.create",
+    "blockchainvalidatormanager.blockchainValidatorConfigs.delete",
+    "blockchainvalidatormanager.blockchainValidatorConfigs.get",
+    "blockchainvalidatormanager.blockchainValidatorConfigs.list",
+    "blockchainvalidatormanager.blockchainValidatorConfigs.update",
+    "blockchainvalidatormanager.locations.get",
+    "blockchainvalidatormanager.locations.list",
+    "blockchainvalidatormanager.operations.cancel",
+    "blockchainvalidatormanager.operations.delete",
+    "blockchainvalidatormanager.operations.get",
+    "blockchainvalidatormanager.operations.list",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/blockchainvalidatormanager.admin",
+  "stage": "BETA",
+  "title": "Blockchain Validator Manager Admin"
+}

roles/blockchainvalidatormanager.viewer

@@ -0,0 +1,17 @@
+{
+  "description": "Readonly access to Blockchain Validator Manager resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "blockchainvalidatormanager.blockchainValidatorConfigs.get",
+    "blockchainvalidatormanager.blockchainValidatorConfigs.list",
+    "blockchainvalidatormanager.locations.get",
+    "blockchainvalidatormanager.locations.list",
+    "blockchainvalidatormanager.operations.get",
+    "blockchainvalidatormanager.operations.list",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/blockchainvalidatormanager.viewer",
+  "stage": "BETA",
+  "title": "Blockchain Validator Viewer"
+}

roles/certificatemanager.editor

@@ -9,24 +9,20 @@
     "certificatemanager.certissuanceconfigs.use",
     "certificatemanager.certmapentries.create",
     "certificatemanager.certmapentries.get",
-    "certificatemanager.certmapentries.getIamPolicy",
     "certificatemanager.certmapentries.list",
     "certificatemanager.certmapentries.update",
     "certificatemanager.certmaps.create",
     "certificatemanager.certmaps.get",
-    "certificatemanager.certmaps.getIamPolicy",
     "certificatemanager.certmaps.list",
     "certificatemanager.certmaps.update",
     "certificatemanager.certmaps.use",
     "certificatemanager.certs.create",
     "certificatemanager.certs.get",
-    "certificatemanager.certs.getIamPolicy",
     "certificatemanager.certs.list",
     "certificatemanager.certs.update",
     "certificatemanager.certs.use",
     "certificatemanager.dnsauthorizations.create",
     "certificatemanager.dnsauthorizations.get",
-    "certificatemanager.dnsauthorizations.getIamPolicy",
     "certificatemanager.dnsauthorizations.list",
     "certificatemanager.dnsauthorizations.update",
     "certificatemanager.dnsauthorizations.use",

roles/certificatemanager.owner

@@ -11,32 +11,24 @@
     "certificatemanager.certmapentries.create",
     "certificatemanager.certmapentries.delete",
     "certificatemanager.certmapentries.get",
-    "certificatemanager.certmapentries.getIamPolicy",
     "certificatemanager.certmapentries.list",
-    "certificatemanager.certmapentries.setIamPolicy",
     "certificatemanager.certmapentries.update",
     "certificatemanager.certmaps.create",
     "certificatemanager.certmaps.delete",
     "certificatemanager.certmaps.get",
-    "certificatemanager.certmaps.getIamPolicy",
     "certificatemanager.certmaps.list",
-    "certificatemanager.certmaps.setIamPolicy",
     "certificatemanager.certmaps.update",
     "certificatemanager.certmaps.use",
     "certificatemanager.certs.create",
     "certificatemanager.certs.delete",
     "certificatemanager.certs.get",
-    "certificatemanager.certs.getIamPolicy",
     "certificatemanager.certs.list",
-    "certificatemanager.certs.setIamPolicy",
     "certificatemanager.certs.update",
     "certificatemanager.certs.use",
     "certificatemanager.dnsauthorizations.create",
     "certificatemanager.dnsauthorizations.delete",
     "certificatemanager.dnsauthorizations.get",
-    "certificatemanager.dnsauthorizations.getIamPolicy",
     "certificatemanager.dnsauthorizations.list",
-    "certificatemanager.dnsauthorizations.setIamPolicy",
     "certificatemanager.dnsauthorizations.update",
     "certificatemanager.dnsauthorizations.use",
     "certificatemanager.locations.get",

roles/certificatemanager.viewer

@@ -5,16 +5,12 @@
     "certificatemanager.certissuanceconfigs.get",
     "certificatemanager.certissuanceconfigs.list",
     "certificatemanager.certmapentries.get",
-    "certificatemanager.certmapentries.getIamPolicy",
     "certificatemanager.certmapentries.list",
     "certificatemanager.certmaps.get",
-    "certificatemanager.certmaps.getIamPolicy",
     "certificatemanager.certmaps.list",
     "certificatemanager.certs.get",
-    "certificatemanager.certs.getIamPolicy",
     "certificatemanager.certs.list",
     "certificatemanager.dnsauthorizations.get",
-    "certificatemanager.dnsauthorizations.getIamPolicy",
     "certificatemanager.dnsauthorizations.list",
     "certificatemanager.locations.get",
     "certificatemanager.locations.list",

roles/compute.admin

@@ -391,9 +391,13 @@
     "compute.networkAttachments.setIamPolicy",
     "compute.networkAttachments.update",
     "compute.networkEdgeSecurityServices.create",
+    "compute.networkEdgeSecurityServices.createTagBinding",
     "compute.networkEdgeSecurityServices.delete",
+    "compute.networkEdgeSecurityServices.deleteTagBinding",
     "compute.networkEdgeSecurityServices.get",
     "compute.networkEdgeSecurityServices.list",
+    "compute.networkEdgeSecurityServices.listEffectiveTags",
+    "compute.networkEdgeSecurityServices.listTagBindings",
     "compute.networkEdgeSecurityServices.update",
     "compute.networkEndpointGroups.attachNetworkEndpoints",
     "compute.networkEndpointGroups.create",

roles/compute.viewer

@@ -142,6 +142,8 @@
     "compute.networkAttachments.listTagBindings",
     "compute.networkEdgeSecurityServices.get",
     "compute.networkEdgeSecurityServices.list",
+    "compute.networkEdgeSecurityServices.listEffectiveTags",
+    "compute.networkEdgeSecurityServices.listTagBindings",
     "compute.networkEndpointGroups.get",
     "compute.networkEndpointGroups.list",
     "compute.networkEndpointGroups.listEffectiveTags",

roles/container.serviceAgent

@@ -15,27 +15,23 @@
     "certificatemanager.certmapentries.create",
     "certificatemanager.certmapentries.delete",
     "certificatemanager.certmapentries.get",
-    "certificatemanager.certmapentries.getIamPolicy",
     "certificatemanager.certmapentries.list",
     "certificatemanager.certmapentries.update",
     "certificatemanager.certmaps.create",
     "certificatemanager.certmaps.delete",
     "certificatemanager.certmaps.get",
-    "certificatemanager.certmaps.getIamPolicy",
     "certificatemanager.certmaps.list",
     "certificatemanager.certmaps.update",
     "certificatemanager.certmaps.use",
     "certificatemanager.certs.create",
     "certificatemanager.certs.delete",
     "certificatemanager.certs.get",
-    "certificatemanager.certs.getIamPolicy",
     "certificatemanager.certs.list",
     "certificatemanager.certs.update",
     "certificatemanager.certs.use",
     "certificatemanager.dnsauthorizations.create",
     "certificatemanager.dnsauthorizations.delete",
     "certificatemanager.dnsauthorizations.get",
-    "certificatemanager.dnsauthorizations.getIamPolicy",
     "certificatemanager.dnsauthorizations.list",
     "certificatemanager.dnsauthorizations.update",
     "certificatemanager.dnsauthorizations.use",

roles/datamigration.admin

@@ -44,6 +44,8 @@
     "datamigration.migrationjobs.stop",
     "datamigration.migrationjobs.update",
     "datamigration.migrationjobs.verify",
+    "datamigration.objects.get",
+    "datamigration.objects.list",
     "datamigration.operations.cancel",
     "datamigration.operations.delete",
     "datamigration.operations.get",

roles/datamigration.serviceAgent

@@ -58,6 +58,7 @@
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.use",
+    "networkmanagement.connectivitytests.list",
     "serviceusage.services.use",
     "storage.objects.get",
     "storage.objects.list"

roles/dataplex.aspectTypeOwner

@@ -2,6 +2,7 @@
   "description": "Grants access to creating and managing Aspect Types. Does not give the right to create/modify Entries.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.create",
     "dataplex.aspectTypes.delete",
     "dataplex.aspectTypes.get",

roles/dataplex.aspectTypeUser

@@ -2,6 +2,7 @@
   "description": "Grants access to use Aspect Types to create/modify Entries with the corresponding aspects.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.get",
     "dataplex.aspectTypes.list",
     "dataplex.aspectTypes.use",

roles/dataplex.catalogAdmin

@@ -2,6 +2,7 @@
   "description": "Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.create",
     "dataplex.aspectTypes.delete",
     "dataplex.aspectTypes.get",

roles/dataplex.catalogEditor

@@ -2,6 +2,7 @@
   "description": "Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.create",
     "dataplex.aspectTypes.delete",
     "dataplex.aspectTypes.get",

roles/dataplex.catalogViewer

@@ -2,6 +2,7 @@
   "description": "Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.get",
     "dataplex.aspectTypes.getIamPolicy",
     "dataplex.aspectTypes.list",

roles/dataplex.entryGroupOwner

@@ -2,6 +2,7 @@
   "description": "Owns Entry Groups and Entries inside of them.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.get",
     "dataplex.aspectTypes.list",
     "dataplex.aspectTypes.use",

roles/dataplex.entryOwner

@@ -2,6 +2,7 @@
   "description": "Owns Metadata Entries.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.aspectTypes.get",
     "dataplex.aspectTypes.list",
     "dataplex.aspectTypes.use",

roles/dataplex.entryTypeOwner

@@ -2,6 +2,7 @@
   "description": "Grants access to creating and managing Entry Types. Does not give the right to create/modify Entries.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.entryTypes.create",
     "dataplex.entryTypes.delete",
     "dataplex.entryTypes.get",

roles/dataplex.entryTypeUser

@@ -2,6 +2,7 @@
   "description": "Grants access to use Entry Types to create/modify Entries of those types.",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
     "dataplex.entryTypes.get",
     "dataplex.entryTypes.list",
     "dataplex.entryTypes.use",

roles/dataprep.serviceAgent

@@ -199,6 +199,8 @@
     "compute.networkAttachments.listTagBindings",
     "compute.networkEdgeSecurityServices.get",
     "compute.networkEdgeSecurityServices.list",
+    "compute.networkEdgeSecurityServices.listEffectiveTags",
+    "compute.networkEdgeSecurityServices.listTagBindings",
     "compute.networkEndpointGroups.get",
     "compute.networkEndpointGroups.list",
     "compute.networkEndpointGroups.listEffectiveTags",

roles/dlp.orgdriver

@@ -883,6 +883,10 @@
     "compute.networkAttachments.deleteTagBinding",
     "compute.networkAttachments.listEffectiveTags",
     "compute.networkAttachments.listTagBindings",
+    "compute.networkEdgeSecurityServices.createTagBinding",
+    "compute.networkEdgeSecurityServices.deleteTagBinding",
+    "compute.networkEdgeSecurityServices.listEffectiveTags",
+    "compute.networkEdgeSecurityServices.listTagBindings",
     "compute.networkEndpointGroups.createTagBinding",
     "compute.networkEndpointGroups.deleteTagBinding",
     "compute.networkEndpointGroups.listEffectiveTags",

roles/dlp.projectdriver

@@ -883,6 +883,10 @@
     "compute.networkAttachments.deleteTagBinding",
     "compute.networkAttachments.listEffectiveTags",
     "compute.networkAttachments.listTagBindings",
+    "compute.networkEdgeSecurityServices.createTagBinding",
+    "compute.networkEdgeSecurityServices.deleteTagBinding",
+    "compute.networkEdgeSecurityServices.listEffectiveTags",
+    "compute.networkEdgeSecurityServices.listTagBindings",
     "compute.networkEndpointGroups.createTagBinding",
     "compute.networkEndpointGroups.deleteTagBinding",
     "compute.networkEndpointGroups.listEffectiveTags",